<?php
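// Registration handler: reads the posted sign-up form, stores a new row in
// workertrack.worker and redirects to the worker page.
session_start();
// 'hallpass' is raised while this script runs and lowered again before it ends.
// NOTE(review): presumably the included files test it to refuse direct requests -- confirm.
$_SESSION['hallpass'] = true;
include "DBConnection.php";
require_once "./Objects/User.php";
require_once "security.php";
//require "referer.php";

// TODO: the form-spoofing check (is_spoofing("register")) is switched off because it does not
// work yet, so nothing in this script verifies that the POST came from our own form.
// When it is restored, redirect to the real registration form rather than to error_page.php.

// The development echo of uniqid()/rand() was removed. It sent output before the Location
// header (which breaks the redirect unless output buffering is enabled), and it showed the
// client a value built exactly like the confirmation code generated further down.

// Credentials are mandatory and must be plain strings. An array-valued field (email[]=x)
// would otherwise reach crypt() and the escaping function as a non-string.
if (!isset($_POST['email'], $_POST['password'])
    || !is_string($_POST['email']) || !is_string($_POST['password'])
    || $_POST['email'] === '' || $_POST['password'] === '') {
    $_SESSION['hallpass'] = false;
    header('HTTP/1.1 400 Bad Request');
    exit('Missing registration data.');
}

$email = $_POST['email'];

// Raw user input: HTML-escape it wherever it is printed, and escape or bind it again
// wherever it is placed into SQL.
$_SESSION['email'] = $email;

$password = $_POST['password'];
// crypt() chooses its algorithm from the salt format, so the strength of the stored hash is
// decided by createSalt(), which is defined outside this file.
// NOTE(review): confirm it yields a bcrypt or SHA-512 style salt.
$salt = createSalt();
$hash = crypt($password, $salt);
// On failure crypt() returns a marker shorter than 13 characters; never store that as a password.
if (strlen($hash) < 13) {
    $_SESSION['hallpass'] = false;
    header('HTTP/1.1 500 Internal Server Error');
    exit('Registration is temporarily unavailable.');
}

//spl_autoload_register();
// The connection must exist before mysql_real_escape_string() is called: the function
// escapes according to the currently open link.
$connection = new Connection(); //connect to the DB

// Escape every value that is interpolated into the statement below.
// NOTE(review): the query reads the e-mail and hash back from $user, which assumes User keeps
// them exactly as passed in here -- confirm in Objects/User.php.
$user = new User(mysql_real_escape_string($email), mysql_real_escape_string($hash), $salt, time());

// Optional profile fields: a missing or non-string field becomes an empty string.
$escaped = array();
foreach (array('fname', 'lname', 'id', 'location') as $field) {
    $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $escaped[$field] = mysql_real_escape_string($raw);
}
$fname = $escaped['fname'];
$lname = $escaped['lname'];
$id = $escaped['id'];             // only used by the temp_user statement kept below
// 'location' was previously copied from $_POST into the query without escaping.
$location = $escaped['location'];
//$cell = mysql_real_escape_string($_POST['cell']);
$salt_sql = mysql_real_escape_string($salt);

// SECURITY(review): uniqid() is derived from the clock and rand(0,10) contributes at most
// eleven prefixes, so this code is guessable. It is not used by the live query. Before the
// e-mail confirmation is enabled, generate it from a CSPRNG instead, e.g.
// bin2hex(openssl_random_pseudo_bytes(16)) on PHP 5 or bin2hex(random_bytes(16)) on PHP 7+.
$confirmation_code = uniqid(rand(0,10), true);

//FOR DEVELOPMENT REASONS WE WRITE TO worker, BUT NEED TO CHANGE IT TO temp_user
/*$query="INSERT INTO workertrack.worker (w_email, firstname, lastname,w_id,pass,salt,confirmation)
VALUES ('$user->email','$fname','$lname','$id','$user->password','$salt','$confirmation_code')";
*/

// NOTE(review): the mysql_* extension has no prepared statements and was removed in PHP 7.
// Escaping is the only option here, but Connection should move to PDO or mysqli with bound
// parameters.
$query="INSERT INTO workertrack.worker (w_email, firstname, lastname,pass,salt,location)
VALUES ('$user->email','$fname','$lname','$user->password','$salt_sql','$location')";
// NOTE(review): the result is not inspected, so a failed insert (for example a duplicate
// e-mail) still ends in the success redirect -- check what execute_query() returns.
$connection->execute_query($query);


$connection->close_connection();

/*
Planned e-mail confirmation, disabled during development.
Note that the fourth argument of mail() is a header string such as "From: ...".

$to = $user->email;
$from = "a";
$subject = "Thank you for registering to WorkerTrack!";

$body = "Hello , please use this  link to confirm your email http://localhost/webproject/PHP/confirmation.php?conf=$confirmation_code";


if (mail($to, $subject, $body,$from)) {
   echo("<p>Message successfully sent!</p>");
  } else {
   echo("<p>Message delivery failed...</p>");
  }
*/

//For development - continuing without spoof security and e-mail confirm
$_SESSION['hallpass'] = false;
header('Location: ../HTML/resworker.php');
// Stop here so that nothing can run or be printed after the redirect has been issued.
exit;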
?>